Alphanumeric Password Requirement

Supported On:

Setting Label

Exchange Server 2010/2007

Exchange Server 2003

(Minimum complex characters is 3)

The Require alphanumeric password (2010/2007) and
Require both numbers and letters (2003) settings specify whether or not
the device password should consist of letters, numbers, and special characters.
When enabled, the device client is required to use a “Strong Alphanumeric”
password, which consists of lowercase letters, uppercase letters, numerals, and
special characters (@, #, &, etc.). Collectively, these four character types
are known as complex characters.

Exchange Server 2010/2007 has a Minimum
number of complex characters setting which allows you to choose the number
of each type of complex character which must exist in an alphanumeric device
password. For example, if the minimum complex character requirement is two
(2), the user will be required to create a password containing at least two (2)
lowercase letters, at least two (2) uppercase letters, at least two (2)
numerals, and at least two (2) special characters.

Exchange Server 2003 enforces a minimum
complex character requirement of three (3). This means that the user will be
required to create a password containing at least three (3) lowercase letters,
at least three (3) uppercase letters, at least three (3) numerals, and at least
three (3) special characters.

The one exception to this rule is in the case of when the
minimum password length is less than the minimum complex character requirement
multiplied by the number of complex character types. In this case, the user need
only create a password with an even distribution of the complex character types
that meets the minimum length.

For example, if a minimum complex character requirement of
three (3) is enforced, the password will need to be at least twelve (12)
characters long (3 complex characters * 4 complex character types). However, if
the minimum password length is nine (9), then the user need only enter a
nine-character password containing an even distribution of the complex character
types. The following complex character combinations would be considered valid in
this scenario:

To further illustrate this concept, the following table
provides examples of valid passwords given a minimum complex character
requirement and minimum password length:

Alphanumeric Password Examples

Min. Length

Min. Comp. Chars.

Valid Password Examples

5

2

aA1!b , 7%o$Y , 12aB# , @1AbC

10

2

aA1!bB2@cc , aaAA11!!23 , j0%73bY@Qk

15

2

aA1!bB2@ccccccc , 1111111a!A1b@B2 ,
aaAA11!!123abc?

15

3

aA1!bB2@cC3#ddd ,
abcABC123!@#efg

Notice that if the minimum length exceeds the complex
character requirement multiplied by the number of complex character types, the
password may contain any sequence of characters in any order regardless of
repetition as long as the requirement rule is met.